IT Risk Management

Social Engineering

Understanding the human element of information security.

Social engineering relies heavily on human interaction and often involves misleading employees into violating their organization’s security procedures. Humans are naturally helpful, but when it comes to protecting an organization’s security, being helpful to an outsider can do more harm than good.

Training

Security Awareness

Educating on security threats

Preparing employees to react

Strengthening security posture

Testing

Security Practices

Validating security training efforts

Establishing strengths and weaknesses

Providing insight for further training

Pratum’s ethical social engineering services are a true assessment of an organization’s security training and awareness practices. By performing social engineering assessments of an organization’s facilities and employees, Pratum is able to establish the baseline security posture and make recommendations for modifying and developing stronger policies and procedures.

External Social Engineering Assessments

Pretexting Phone Calls

Employees may struggle to recognize the difference between a legitimate conversation with a valued customer and an unethical pretexter trolling for information. Performing an ethical pretexting phone campaign will help to validate your organization’s security procedures as they pertain to sharing information with customers, vendors, and internal staff.

Email Phishing

Email is the most prominent form of business communication, which is why attackers are so fond of using it to infiltrate networks and systems. Preparing employees and executives to recognize these types of attacks, and regularly testing them through ethical email phishing campaigns, is a surefire way to protect your organization against real phishing attackers.

Our consultants prepare emails that simulate a real-life, professional attack. We develop customized emails, target specified employees, and monitor their engagement. Our analytics provide insight into who opened the email and what links were clicked. Our email campaigns are designed to give us a very real understanding of how your organization could be breached.

Internal Social Engineering Assessments

Dumpster Diving

Ethical dumpster diving provides a snapshot of the effectiveness of an organization’s data destruction policy. Everything from handwritten notes to proposal drafts can be found in an organization’s dumpsters. If an attacker gets hold of passwords, proprietary business information, or personally identifiable information, it could be crippling to an organization.

Facility Access - Onsite Security Assessment

Performing an unauthorized facility access attempt with an ethical attacker enables organizations to properly assess building access codes, IT asset controls, and employee behavior. Pratum’s ethical attackers pose as employees, customers, or contracted workers in an effort to enter a facility and gain access to sensitive information without triggering alarms.

Social Engineering Report

Upon completion of the assessment, Pratum’s consultants provide an extensive social engineering report. The report highlights the activities of the assessment, details findings, and provides guidance for future planning.